Annotation of www/crypto.html, Revision 1.9
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.2 deraadt 4: <title>OpenBSD Cryptography</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="OpenBSD Cryptography use">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" SRC="/images/smalltitle.gif">
16:
17: <p>
18: <h3><font color=#e00000><strong>OpenBSD Cryptography</strong></font></h3>
19:
20: The OpenBSD project is based in Canada.<p>
21:
1.2 deraadt 22: The <a href=http://axion.physics.ubc.ca/ECL.html>Export Control
1.3 deraadt 23: List of Canada</a> places no significant restriction on the export of
1.5 deraadt 24: cryptographic software, and is even more explicit about the free
25: export of freely-available cryptographic software. Marc Plumb has
26: done
1.2 deraadt 27: <a href=http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html>
1.5 deraadt 28: some research to test the cryptographic laws.</a>
1.2 deraadt 29: <p>
1.1 deraadt 30:
1.3 deraadt 31: Hence the OpenBSD project has embedded cryptography into numerous places
32: in the operating system. We require that the cryptographic software we
33: use be <a href=policy.html>freely available and with good licenses</a>.
1.4 deraadt 34: We do not use cryptography with nasty patents.
1.3 deraadt 35: We also require that such software is from a countries with useful export
1.7 deraadt 36: licenses because we do not wish to break the laws of any country.<p>
37:
38: We use strong and weak crypto in different parts of the system:
1.1 deraadt 39:
40: <ul>
1.7 deraadt 41: <li>Strong blowfish based password entries with 128-bit salt and a
42: strength-control mechanism for the system administrator.
1.1 deraadt 43: <li>KerberosIV fully integrated.
1.4 deraadt 44: <li>IPSEC with 10+ ciphers integrated into the OS.
1.9 ! deraadt 45: <li>The IPSEC <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>
1.8 deraadt 46: Photuris daemon.</a>
1.7 deraadt 47: <li>Strong random number components are used in numerous places.
48: <li>All the normal DES code is in libc (where it belongs).
49: <li>DNS id pseudo-randomization.
1.1 deraadt 50: <li>(What have I missed?)
51: </ul>
1.6 deraadt 52: <p>
53:
54: When we make OpenBSD releases or snapshots we do our build processes
55: in free countries to assure that the sources and binaries we provide
1.7 deraadt 56: to users are free of tainting. In the past our release binary builds
57: have been done in Canada, Sweden, and Germany.<p>
1.1 deraadt 58:
59: <hr>
60: <font size="-1">
61: <em>This site Copyright © 1996-1998 OpenBSD.</em><br>
1.9 ! deraadt 62: $OpenBSD: crypto.html,v 1.8 1998/02/21 00:42:36 deraadt Exp $
1.1 deraadt 63: </font>
64:
65: </BODY>
66: </HTML>